  1. Subversion
  2. SVN-2960

authz problems when you can read children of paths you can't read (svnsync, log, etc)


    Details

    • Type: Bug
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: ---
    • Fix Version/s: 1.10-consider
    • Component/s: svnsync

      Description

      We have come across an issue trying to use svnsync to synchronize
      a repository where the user doing the synchronization has read
      permissions on some selected subtrees of the repository, but not on the
      repository root or top-level trunk.
      
      To reproduce:
      
      1. set up master repo
      
      2. load attached dump
      
      3. configure access control
      
      [/]
      *=
      [/trunk/module]
      *=r
      
      4. check that the access control is properly enforced
      
      svn ls svn+ssh://localhost/path/to/master
      --> svn: Authorization failed
      
      svn ls svn+ssh://localhost/path/to/master/trunk/module
      --> README
      
      5. set up slave repo
      
      $ svnsync init file:///path/to/slave svn+ssh://localhost/path/to/master
      --> Copied properties for revision 0.
      
      6. launch sync
      $ svnsync sync file:///path/to/slave svn+ssh://localhost/path/to/master
      --> svnsync hangs because it fails to execute the open-dir operation
          on non-existent directory 'trunk' (because it never saw the
          directory creating operation, having no visibility on it)
      
      Proposed fix is for svnsync to create any directory that does not exist
      at the time it tries to open it. I have a patch to this effect, which seems
      to work well here (see mailing list message:
      http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=130877).
      Alternative solution is to fix
      the issue at the replay level (I'm not very familiar with the code yet, so I'll
      likely need help if this solution is preferred).
      

      http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=613022
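
An added example, not part of the original report or of Subversion's code: a simplified model of path-based authz lookup that flags the configuration described above, a readable subtree whose ancestors the mirroring account cannot read. It assumes only `*` and plain user names (no groups, aliases or repository-prefixed sections), and `syncuser` is a hypothetical account name.

```python
import posixpath

# Constructed sample: the access rules from step 3 of the report.
SAMPLE_AUTHZ = "[/]\n*=\n[/trunk/module]\n*=r\n"

def parse_authz(text):
    """Return {path: {principal: access}} for path sections.
    Simplified: no [groups], aliases or repository-prefixed sections."""
    rules, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = rules.setdefault(name, {}) if name.startswith("/") else None
        elif current is not None and "=" in line:
            who, _, access = line.partition("=")
            current[who.strip()] = access.strip()
    return rules

def can_read(rules, user, path):
    """Nearest section (path, then each parent) naming the user or '*' decides."""
    while True:
        section = rules.get(path, {})
        matched = [section[w] for w in (user, "*") if w in section]
        if matched:
            return any("r" in access for access in matched)
        if path == "/":
            return False  # no rule matched anywhere: deny
        path = posixpath.dirname(path)

def hidden_parents(rules, user):
    """Map each readable section path to its ancestors the user cannot read."""
    report = {}
    for path in rules:
        if not can_read(rules, user, path):
            continue
        blocked, parent = [], path
        while parent != "/":
            parent = posixpath.dirname(parent)
            if not can_read(rules, user, parent):
                blocked.insert(0, parent)
        if blocked:
            report[path] = blocked
    return report

if __name__ == "__main__":
    # "syncuser" is a hypothetical account name for the mirroring user.
    for path, blocked in hidden_parents(parse_authz(SAMPLE_AUTHZ), "syncuser").items():
        print(f"{path}: readable, but ancestors {blocked} are not")
```

Run against an authz file before pointing svnsync at a repository with a restricted account: any path it reports is a subtree the account can see without ever seeing the operations that created its parent directories.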

        Attachments

        1. 3_doit.sh
          2 kB
          David Samuel Glasser
        2. 2_dump.txt
          1.0 kB
          Thomas Quinot
        3. 1_svnsync.diff
          1 kB
          Thomas Quinot

            People

            • Assignee: Unassigned
            • Reporter: quinot Thomas Quinot